AA
I'm using Fedora 2 with Squid stable 10, with 1MB of Internet pipe directly connected on eth1 and the LAN on eth0, which provides Internet facility to the institute and its hostels. Now I'm having a problem: in the hostels a few students installed a proxy service on their PCs and started giving Internet to other guys on the LAN who are not permitted Internet usage. How can we stop that further Internet sharing? Is there a way to stop clients from running their own proxy service ...
Any help in this regard will be a great help
Thanks in advance
Maham
Internet Sharing
You need to install some kind of firewall on your server and use that to filter the traffic passing through eth0 to eth1. The other proxies must be using NAT to pass traffic. What you need to do is drop every packet with a non-standard TCP port, e.g. allow HTTP/TCP port 80, DNS lookups, TCP port 21 for FTP etc. If you have allowed other apps like MSN etc., you need to allow those ports too.
Better yet, keep a log of the IPchains filter and look there for IPs opening up multiple non-standard ports. Then you can block those IPs / MAC addresses using the MAC address in your DHCP server to punish those miscreants.
Ipchains is the de facto standard on Linux and if you have trouble configuring it, you can use Shorewall to make your life easier.
I myself use Gentoo so can't tell you how to install/configure Ipchains & Shorewall on it. There must be an RPM package somewhere on the net. Try googling for it.
I am not at my Linux station, otherwise I would have given you some example configs etc. You can find a lot of info on the Shorewall website.
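The log review suggested in the reply above can be scripted. This is an added example, not code from any poster in the thread: it assumes the firewall writes netfilter/iptables-style LOG lines (not the ipchains log format) for traffic forwarded from the LAN interface eth0, and the function names, the threshold and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Ports the reply names as standard: FTP 21, DNS 53, HTTP 80. Extend for MSN etc.
ALLOWED_PORTS = {21, 53, 80}
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample in netfilter LOG format (assumption: a LOG rule on forwarded traffic).
SAMPLE_LOG = """\
May 10 21:14:02 gw kernel: FWD IN=eth0 OUT=eth1 SRC=10.1.1.23 DST=203.0.113.9 PROTO=TCP SPT=3311 DPT=8080
May 10 21:14:05 gw kernel: FWD IN=eth0 OUT=eth1 SRC=10.1.1.23 DST=203.0.113.9 PROTO=TCP SPT=3312 DPT=3128
May 10 21:14:09 gw kernel: FWD IN=eth0 OUT=eth1 SRC=10.1.1.23 DST=198.51.100.7 PROTO=TCP SPT=3313 DPT=1080
May 10 21:14:11 gw kernel: FWD IN=eth0 OUT=eth1 SRC=10.1.1.23 DST=198.51.100.7 PROTO=TCP SPT=3314 DPT=6667
May 10 21:14:12 gw kernel: FWD IN=eth0 OUT=eth1 SRC=10.1.1.40 DST=192.0.2.10 PROTO=TCP SPT=1044 DPT=80
May 10 21:14:13 gw kernel: FWD IN=eth0 OUT=eth1 SRC=10.1.1.40 DST=192.0.2.53 PROTO=UDP SPT=1045 DPT=53
May 10 21:14:15 gw kernel: FWD IN=eth0 OUT=eth1 SRC=10.1.1.57 DST=192.0.2.77 PROTO=TCP SPT=2001 DPT=5190
May 10 21:14:16 gw kernel: FWD IN=eth0 OUT=eth1 SRC=10.1.1.57 DST=192.0.2.77 PROTO=TCP SPT=2002 DPT=5190
May 10 21:14:18 gw kernel: FWD IN=eth0 OUT=eth1 SRC=10.1.1.57 DST=192.0.2.1 PROTO=ICMP TYPE=8 CODE=0
May 10 21:14:20 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=10.1.1.40 PROTO=TCP SPT=80 DPT=1044
"""


def parse_line(line):
    """Return (in_if, src, proto, dport), or None for lines without a port (e.g. ICMP)."""
    fields = dict(FIELD_RE.findall(line))
    try:
        return fields["IN"], fields["SRC"], fields["PROTO"], int(fields["DPT"])
    except (KeyError, ValueError):
        return None


def suspicious_hosts(lines, lan_if="eth0", allowed=ALLOWED_PORTS, threshold=3):
    """Map each LAN source IP to its distinct non-standard (proto, port) pairs,
    keeping only hosts that reached at least `threshold` of them."""
    seen = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        in_if, src, proto, dport = parsed
        if in_if != lan_if or dport in allowed:
            continue  # reply traffic from eth1, or a permitted service
        seen[src].add((proto, dport))
    return {ip: sorted(p) for ip, p in seen.items() if len(p) >= threshold}


if __name__ == "__main__":
    for ip, ports in suspicious_hosts(SAMPLE_LOG.splitlines()).items():
        print(ip, ports)
```

Repeated hits on one port count once, so a single permitted-looking application does not trip the threshold; only a host fanning out across several non-standard ports is reported.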
You have enabled proxy cascading. By the way, proxy cascading is disabled by default in Squid.
What proxy are you using, is it a simple proxy or a transparent proxy? It is simple, tune your ACL list like
acl hostel src 10.1.1.1-10.1.1.100
http_access allow hostel
Don't forget to add the line
http_access deny all
at the end.
If you're using a transparent proxy, please post the script and I will give you the 2 commands which will help you, but ACL tuning itself is enough.